Release notes for the Respond to an NHS cyber alert service

• Threat intelligence auditors can now edit published confidential high severity alerts (HSA) from within the portal.
• Threat intelligence auditors can now view a summary of all confidential high severity alerts (HSA) issued.

• Threat intelligence auditors can now send confidential high severity alerts (HSA) from within the portal. 
• Confidential alert details are accessible from within the portal for registered users.
• All HSA alert emails will now include a Traffic Light Protocol (TLP) rating. For guidance on what these ratings mean see our guidance page: https://digital.nhs.uk/services/respond-to-an-nhs-cyber-alert/guidance-for-responding-to-an-nhs-cyber-alert

• We have reduced the number of screens where notifications are appearing.
• Our Service Administrators can search for auditors by role.
• Our Service Administrators can refine the contact list by organisation before generating the CSV.

• A bug has been fixed where error links were not taking users to the correct input field to resolve the error.
• A bug has been fixed where regions were not deselecting when an alternative auditor type was selected by service administrators.
• Various infrastructure updates have been made to improve the performance, resiliency and security of the product.

• Auditor users can now filter response status reports by residual risk acceptance.
• A bug has been fixed that was preventing the sending of the not-logged-in-reminder email.
• Various infrastructure updates to improve performance of the product.

• As a user with the ability to send emails from the system I can now use the full range of Gov Notify formatting options.
  • https://www.notifications.service.gov.uk/using-notify/formatting
• Service administrator users can now access a tracker to monitor whether text messages and emails have successfully sent when a new high severity alert is issued.
• Users with access to the HSA tracker can now manually trigger the background job that sends emails and text messages if the details for a new alert are pulled into the system but the emails and text messages do not send as expected.
• A bug has been fixed where cursors were not displaying correctly when trying to use the stats counter links in the auditor response status report.

• A bug has been fixed where duplicate table headers were displaying in auditor reports when using a mobile or tablet device.
• A bug has been fixed where the line item showing that a threat intelligence update had been sent to an organisation was appearing twice for auditor users viewing the event history for some organisations.
• The speed and performance of loading the overdue actions report has been improved to prevent the number of timeouts that were occurring on this report.

• Responding users can now access best practice guidance for responding to alerts from the task list for any high severity alert.
• A relevant message now displays in the HSA status tracker for manually created cyber alerts.
• Report filters on the response status report and overdue actions report are now sticky and will move down the screen as a user scrolls each report.
• The HSA status tracker results screen now includes links to review the service status of NHSmail and Gov Notify.
• Various infrastructure changes to improve security and resiliency of the product.

• The 'Beta' banner has been removed from the service.
• An error has been fixed that prevented users adding a mobile number.
• The phone number link on the session timeout screen now works correctly.

• Responding users can now more easily change the final status of a closed a alert response.
• Threat intelligence users can now manually create cyber alerts when there are known issues with automatically generating the alert email and text messages.
• We have fixed a bug preventing users from closing the cookies banner.
• We have fixed a bug where the incorrect validation error message was displaying when adding a year to the remediation actions task.

• We have resolved an issue with the email delivery failure report. This will now run as expected on the 1st of every month.
• The HSA status tracker now checks for high severity alert details in the Content Management System if it is not able to find the alert in the API.
• Responding users can now change the final status to Not Applicable for any closed alert response that is Complete or Not able to implement before getting to the Task List.
• Various security enhancements.

• When accessing the response history for a closed alert users will now be asked whether they want to change the status of the alert back to in progress or open the response history as read only.
  • A response is closed if it is either Not applicable, Complete or Not able to implement.
• Threat Intelligence Auditors will now be able to view the sending status of text messages for any future high severity alert using the HSA status tracker.
• To improve accessibility of the service any links that open in a new tab are labelled 'opens in a new tab'.
• Various security enhancements have been made.

• Auditor users can now search by integrated Care Board (ICB) name or ODS code to return all responses for organisations within a particular Integrated Care System (ICS).
• There is now a 500 character limit on all free text fields across the service.
• Navigating between tasks on the task list has been simplified by removing the continue option. It is now necessary to always return to the task list to choose the next task. This ensures that users can ensure they are only providing required information and not accidently providing optional information.
• Acknowledging alerts has been simplified for users acknowledging for 1 organisation by removing the confirmation step after using the 'Acknowledge alert' button.
• Email sending status details are now included in the high severity alert status tracker. Threat Intelligence auditors can now see whether emails have been successfully sent to all users. Additional information will be shown about any issues that may have occurred.
• A bug has been fixed where the 'Not Applicable' reason wording was not displaying correctly in auditor reports.
• Various infrastructure enhancements have been made.

• We have implemented role specific high severity alert text messages to ensure that the messaging for these text messages are appropriate to the responsibilities expected of the recipient.
• A status tracker has been implement for threat intelligence auditors so they can check whether high severity alerts have successfully sent after publishing an article.

• We have implemented role specific high severity alert emails to ensure that the messaging for these emails is appropriate to the responsibilities expected of the recipient.
• We have updated how we interact with the cyber alerts API to improve the performance and resiliency of the product.
• We have fixed a bug that was preventing some users from being able to provide response updates.
• We have fixed a bug where the ICB filter for auditor users was displaying some incorrect information..

• Auditor users can now download a CSV version of the individual alert report based on any filters applied in the user interface.
• Service Administrators now see a description of the different auditor roles when adding or editing users.
• A bug has been fixed where synchronisation with the organisation data service was not working.

• Threat intelligence users now have a different landing screen to help them navigate to the appropriate area of the service for the task they are looking to perform.
• When sending threat intelligence updates a new notification displays to inform the user when selected organisations do not have any registered email addresses.
• Various infrastructure updates have been made to improve the performance and security of the product.

• Integrated Care Board's (ICBs) can now be added onto the system as responding organisations. ICBs are designated in the system utilising the Higher Health Authority field of the Organisation Data Service API. An ICB that gets added as a responding organisation will sit within its own ICB in auditor reports.
• The 'NewAuditor' and 'UpdatedAuditor' emails have been amended to include relevant auditor sub-role details in-line with the recent changes to how auditor permissions are configured.
• Various emails have been reconfigured to support users holding multiple roles, ensuring that they don't receive duplicate or emails unnecessarily.
• A bug has been fixed where the 'Closed Organisation' filter in auditor reports was not returning results.
• A bug has been fixed where the organisation link on the threat intelligence events page was inappropriately leading to a not authorised message for manually closed organisations with a closure date prior to the alert issued date.
• A bug has been fixed where the user list CSV was only showing login details for the most recent role a user signed-in with.
• A bug has been fixed where a 404 error was incorrectly redirecting users to the session timeout page.

• Auditor users can now download a CSV version of the overdue actions report.
• Auditor permission setting has been changed so that auditor users can now be setup as either a National, Regional, ALB or Threat intelligence auditor.
• If you are still registered with an organisation when it is closed the closure email you receive now specifies whether the organisation closure was manual or automatic.
• A bug has been fixed where the user feedback and user list CSVs were not capturing the user's current role.

• The product has been rebranded with the NHS England logo following the recent merger between NHS Digital and NHS England.
• Users can now hold multiple role types.
• Infrastructure upgrades have been implemented to improve the performance and resiliency of the product.
• A bug has been fixed where the emails queued total was displaying negative numbers for threat intelligence updates and service administrator emails.

• Various infrastructure upgrades.

• All users will now be presented with a dynamically expanding text areas to make it easier to enter larger amounts of information when responding or creating emails.
• Responding users will now see a notification when adding an additional email address informing them which organisations the email address will be associated with and which email types they'll be receiving to the email address.
• Service administrators will now see a tooltip warning them if a permission is held by only 1 user.
• Service administrators will not be able to remove the last service administrator holding a permission.
• New service administrators will now be informed which permissions they have via email when first registered in the role.
• Existing service administrators will now be informed which permissions they have via email if their permissions get changed.

• The key performance indicator report now includes the next update due date, risk acceptance date and target completion date for each organisation for each alert where this information has been provided.
• Service administrators can now access a service communication report to view details about all service communications that have been sent from the system.
• A bug has been fixed where the monthly summary email showing not acknowledged and in progress alerts was showing alerts issued before an organisation was registered on the system. These alerts will no longer show in the email for users at organisations affected by this.
• The test alert CC-9999 has been removed from the system.

• The ability of service administrator's to manage users and organisations is now an optional permission that can be provided or taken away by other service administrators who already have the permission.
• Auditor users can now filter the overdue actions report by:
  • Year of issue
  • Organisation type
  • ODS role
  • National grouping
  • ICB
• Auditor users can now search the overdue actions report by organisation name or ODS code.
• A bug has been fixed where the reminder email sent to administrators at responding organisations informing them of which users at their organisation have not signed into the service was not being sent to additional email addresses.

• Users at responding organisations will now receive a monthly email informing them of high severity alerts that have either not yet been acknowledged or are still in progress.
• The ability of service administrator's to download user reports is now an optional permission that can be provided or taken away by other service administrators who already have the permission.
• Service administrators can now specify which user types to send emails to about the service.
• Auditor users can now filter the overdue actions report by the actions required field.
• NHS Digital (Live Services) has been renamed NHS England - X26 (Live Services) throughout the service.
• The auditor response status report has been changed so that the organisation search now sits above the response status totals.

• Auditors now have access to an overdue actions report where they can more easily view any updates that are due across all alerts that have been issued.
• Service administrators can now send out bespoke emails to all email addresses registered on the service.
• Service administrator permissions can now be restricted to reduce access to contact list downloads.
• Service administrators can now manually close organisations on the service to bypass waiting on automatic updates to pull through from the ODS API.
• A bug has been fixed where the session status was not timing out after 20 minutes on the email sending status screen for threat intelligence updates.

• Service administrator permissions can now be restricted to reduce access to email administration functionality.
• The link to guidance for responding to cyber alerts has been updated to direct users to https://digital.nhs.uk/services/respond-to-an-nhs-cyber-alert/guidance-for-responding-to-an-nhs-cyber-alert
• A link to these release notes is now available in the footer of the product.
• Various enhancements and refinements of infrastructure have been made.

• SMS sending status logging has been improved to make reporting on delivery failures easier.
• The alignment of tables in the auditor response status report has been improved to ensure that each table is consistently aligned throughout the report.
• A bug has been fixed where the Legal status and Historic reports filters were not resetting properly after a page refresh.
• A bug has been fixed where an unhandled exception was occurring if two different users updated the same user.

• A validation message will now display to responding users when attempting to provide a final status without having already provided alert applicability and remediation action updates.
• An email reminder will send to administrators if users at their organisations have not signed into the service.
• The sign-in link on the session timeout screen has been made more prominent.
• Information about the success or failure of threat intelligence updates will now display for auditing users when sending threat intelligence updates.
• The response totals on the auditor reports now function as filter links for responses statuses.
• The update due filter will now only show not acknowledged and in progress updates in the report.
• Validation messages have been made more consistent throughout the service.
• The service manager role has been renamed service service administrator throughout the service.
• The product's Infrastructure has been upgraded to improve overall performance and resilience.

• To reduce the burden of responding the target date for completion is now asked for as part of the remediation actions task.
  • It will be necessary to keep this date up to date and you will not be able to save an update if the target completion date is still set to be before your next update due date.
• To make it easier to monitor organisation performance across a number of cyber alerts responding users can now download a key performance indicators report showing whether organisation's have met the acknowledgement and completion expectations.
• To make it easier for auditor users to identify organisations with overdue updates they are are now able to filter the response status report by update overdue, due today or due tomorrow.

• Auditor users can now view any notes added against any organisation's response history that sits within their permission set via an events report screen for any alert.
• A bug has been fixed where time was displaying an incorrect format.
• New Remediation actions and Barriers to remediation updates will now start with a blank input field for responder users.
• Infrastructure changes have been made to reduce hosting costs.
• A new maintenance mode has been introduced to make it easier to take the service offline when performing more extensive updates to the product.

• The initial high severity alert email now includes CVE vulnerability information.
• The high severity alert text message now includes a threat identifier to make it easier to find the latest high severity alert in the cyber alerts repository before signing into the service.
• Auditor users with the ability to send threat intelligence emails can now filter the organisation selection by organisation types: ALB, live service, and NHS Organisations.
• Auditor users with the ability to send threat intelligence emails can now refine the organisation selection to de-select specific organisations.
• Auditor users with the ability to send threat intelligence emails will be asked on the preview email screen to confirm that the contact list and email content have been reviewed before sending any emails.

• All users can now provide feedback from within the service using a link in the BETA banner at the top of the screen.
• All auditor users can now view any threat intelligence emails that have been sent for any particular cyber alert by using the 'view events' link.
• A bug was fixed to prevent the loss of organisation selection when moving between screens whilst creating threat intelligence updates.

• Auditor users will now receive any threat intelligence updates that are issued to organisations in their permission set.
• The  service's database has been upgraded to the latest version.

• Auditor users with communication permissions can now refine the distribution list for threat intelligence updates by response status, ODS role, National Grouping and ICB.
• Auditor users with communication permissions can now view formatting options that are available for the content of threat intelligence updates.
• Service manager users and organisation administrators can now change roles for responding users.
• Responding users will be sent an automated email confirming any role changes.
• To improve the resiliency of email sending functionality all emails that fail to send will be triaged in a dead letter queue to be resent or deleted rather than automatically deleted after 4 days.

• Service manager users can provide auditor users with a 'Threat Intelligence Emails' permission set.
• Auditor users with the 'Threat Intelligence Emails' permission can send threat intelligence update emails to all registered email addresses for any  high severity alert.
• Any responding or auditor user that has not signed into the service will be sent a reminder email 7-days after being created, and then again every 30-days.

• The remediation success email will now send each time the 'next update due' date field is updated.
• If an auditor adds a note against an organisation's response history they can now delete this note as well.
• Various infrastructure improvements have been made to ensure the resiliency of email sending functionality.

• Auditor users can view HTML copies of system-generated emails sent to responding organisations. These emails are visible from each organisation's response history for any cyber alert.
• A search option is now available for service manager users from the manage auditor users screen.
• 'STP' has been updated to read 'ICB' to reflect the recent organisation structure changes.
• Various security enhancements have been made to the product's infrastructure to better ensure service resiliency and user safety.

• Auditor users can now add notes against any responding organisation to inform other auditor users when an organisation has been contacted.
• The footer of the site has been updated to enable the inclusion of links to the service's accessibility statement and a screen containing contact details and links to guidance for the service.
• Auditor users can now search the response status report to find organisations by organisation name or ODS code.
• Responder and Service manager users can now view any user-added alternative email addresses on an organisation's administration screen. 
• Auditor users can now view any user-added alternative email addresses on the organisation's contact details screen.
• A bug has been fixed to resolve a login issue.
• A bug has been fixed to resolve an issue experienced when the service is not able to retrieve email templates from Gov Notify.
• Various security enhancements have been made to make the service more resilient and safer to use.

• Update due and overdue emails now accommodate multiple alerts to reduce the number of emails being sent to responding users when they have updates due for multiple alerts on the same day.
• Task list wording has been updated to make it clearer which tasks have not been updated prior to a closing status of Complete, Not able to implement or Not applicable having been provided.
• A  search is now available from the all cyber alerts landing page to help auditors and responders find specific alerts by name or unique identifier.
• A bug has been resolved where auditor users could see some data that they were not supposed to be seeing in the KPI report.
• A bug has been resolved that was preventing organisation name changes being retrieved from the ODS API. All ICB changes are now appearing in the service as expected.
• Various security enhancements and infrastructure improvements have been made.

• To help make it easier to assess the effectiveness of the high severity alert process over time a new key performance indicator report has been introduced for auditor users. This will show key information for each organisation's responses to all alerts.
• A 'latest cyber alerts' section has been added to the landing page for responder and auditor users to help them more easily determine which alerts have been issued most recently.
• Additional reporting has been introduced to help manage undelivered text messages where the recipient phone number is either incorrect or deactivated.
• A bug has been fixed that populated manually created severity alerts into the service with a UTC time stamp instead of GMT or BST timestamp. All alerts created in the system will now have consistent timestamps.
• A bug has been fixed where update due dates were not showing in CSV versions of auditor reports when organisation responses were moved back to in progress from either Complete or Not able to implement.
• Various low criticality security issues have been resolved.

• To help auditor users legal status information has been made available in all reports. By default organisations that are listed as closed on the ODS API are filtered out from all on-screen reports in the service. Closed organisations can be shown in reports by changing the legal status filter to either show just 'closed organisations' or to show 'all organisations'.
• Filters have been added to the all cyber alerts landing screen to help all users more easily find alerts that they need to respond to, or check specific historic alerts.
• A bug has been fixed where not applicable comments were not appearing in auditor on-screen reports. All free-text information given by responding organisations when providing a not applicable status is now showing in on-screen auditor reports.
• Various infrastructure enhancements have been made to improve service resiliency.

• Responding users will now need to provide alert applicability details and at least 1 remediation actions update before being able to provide a final status of complete or not able to implement.
• Various technical enhancements have been made to improve the security of the products infrastructure.

• Responding organisations can now provide details of residual risk acceptance for any high severity alert.
• Auditor users can access details of residual risk acceptance provided by responding organisations.
• Additional reporting has been introduced to help manage undelivered emails because the recipient account is either incorrect or deactivated.
• A mandatory text input field has been included for organisation's to populate when providing a 'complete' status.
• Various technical enhancements have been made to improve the security of the products infrastructure.
• A bug has been fixed to prevent 'overdue' being erroneously displayed for all task list updates.

• Responder users can now access each selected organisation's full response history for each task from the task list.
• Auditor users can now access a read only version of each organisation's task list for each high severity alert.
• Auditor users can now access an organisation's full response history for each task from the task list.
• Auditor users can now view whether a task/property update is the latest update for that particular task/property type from within each of the CSV reports.
• An issue where duplicate historic update details were appearing for each new task update has been resolved.

• A task-list approach has been implemented to guide users through responding to high severity alerts.
• Reporting for auditor users has been adapted to accommodate the additional task-level information in on-screen and downloadable reports.
• Service manager users can now manually create high severity alerts from within the product to improve resiliency if issues arise with the retrieval of alert information from the cyber alerts API.

Read our guidance for responding to an NHS cyber alert. Our guidance includes suggestions for what to include at each stage of remediation and will help you to produce a robust response plan for any cyber alert.

• An issue has been fixed with formatting on PDF downloads.
• Additional validation has been added to email address input fields to prevent erroneous email addresses being added into the system.
• Various infrastructure improvements and security patches applied.

• All users can now register multiple mobile numbers for receiving high severity alerts via the 'manage contact preferences' area of the product.
• System-generated emails will now be sent to the recipient organisation contact email address to confirm removal from the system.
• Users responding for multiple organisations can now multi-respond for all of their organisations, regardless of whether they have until then held unique response histories.
• All emails are now queued before sending to ensure all emails get sent regardless of any service disruption.
• Various other issue fixes and infrastructure improvements have been made.

• An issue has been resolved that was affecting the 24-hour and 48-hour 'Not Acknowledged' reminder emails when there are multiple concurrent high severity alerts.
• 48 Hour 'Not Acknowledged' reminder emails will now only send on alternate days during the 14-day time period following a high severity alert being issued.
• When a new additional contact email address is added the confirmation email now includes organisation details to help users better understand what they can expect to receive to the recipient email address in future.

• Additional validation has been added to the 'next update due' field to reduce possibility of erroneous dates being added. The date added to this field must be within 28-days of the date the update is being made.
• To improve system accessibility email input fields will no longer auto-populate with 'nhs.net'.
• The formatting of free-text remediation updates has been improved to make it easier to read these updates in auditor reports.
• Various bugs have been fixed:
  • Navigation links and notifications will no longer show on authentication error screens.
  • Table column widths in reports have been amended to reduce wrapping issues in responsive modes.
  • An issue with a failed ODS API sync has been rectified so that missed ODS detail changes will be made.
• Various infrastructure improvements have been implemented to improve performance, security and resiliency of the product.

• Users at responding organisations can now download PDF reports of response information submitted for their organisation(s) for any high severity alert. These downloads are marked as official sensitive and are intended to be used for sharing with line management, as part of executive briefings and for evidence in DSPT returns.
• Auditor reporting now displays the filters that have been applied to a report in tags. These tags can also be used to clear any filter applied.
• The email sent to users when added to the system as a new auditor now makes it clearer which reporting permissions have been applied for that user.
• The email sent to auditor users when permissions have been changed now makes it clearer which reporting permissions have been applied for that user.
• 'ODS Code' and 'Organisation Name' labels have been changed throughout the product to be 'Code' and 'Name'. This has been done to reduce confusion between organisations and live services.
• Various infrastructure improvements have been made to make the service cheaper to run and more resilient.

• The initial acknowledgement process has been updated to reduce the burden on responding organisations upon first receiving a new high severity alert notification.
• Auditor reporting has been enhanced through the introduction of dynamic filtering, removing the requirement for users with JavaScript enabled to use the 'Apply' button when applying additional filters to remediation reports.
• Service Managers have access to a new report to assist with manually sending high severity alert notifications in the event of system failures in 3rd party services that the product is dependent upon.
• A bug has been fixed that prevented auditors receiving reminders about ALBs and Live Services.
• The "Remediation Not Complete Reminder" has been updated to include organisation details.

• Service manager users can now assign permissions to access reports based on 3 organisation types: NHS Organisation, ALB and Live service.
• Individual NHS Digital live services can now be registered on the product and nominated users can provide responses on their behalf.
• Live services are now visible to Service managers.
• Live services are now visible to auditors with appropriate permissions.
• The high severity alert emails have been updated to include bespoke content relevant to the organisation types that the recipient has access to the product on behalf of.
• Various reminder emails have been updated to include organisation details to assist with understanding of required actions upon receipt of the email.
• Various improvements have been made to facilitate automatic monitoring of code quality to ensure all code that gets released is less likely to negatively impact performance and security of the product.

• Auditor users can now use a historic reports filter for all alerts to view response statuses at 24 hours, 48 hours, 7 days and 14 days after an alert was issued.
• A reminder countdown will now display 60 seconds prior to a session timing out providing an option to extent a session as required. When a session times out it will redirect to a session timed out page.
• All service manager users can now view details about the bespoke tags that are used within each email template configured on the system.
• A bug that delayed the sending of the initial high severity alert email and SMS for CC-3948 has now been fixed.
• Various infrastructure improvements have been implemented.

• Responding users can now view the latest status for all cyber alerts directly from the landing page after successfully signing in.
• Auditor users can now view all contact details for any organisation within their permission set. This includes any additional email addresses that anyone at an organisation has provided either for themselves for their organisation.
• All users will now be redirected to the product's service page when signing out of the service.
• Bugs have been fixed to
  • prevent white spaces being included in email addresses added to the system
  • resolve text overlap issues with tables in responsive modes
  • ensure all automated emails are visible to auditor users in each organisation's response history.

• When a new update is successfully recorded all responding users registered with an organisation associated with the update will receive an email notification informing them of the successful update.
• All service manager users can now view details about the various email templates configured on the system.

• To help NHS Digital, NHS England and NHSx users contact the most appropriate people at an organisation they are now able to view all registered users for each organisation.
• The privacy and cookie policy has been updated to include details of who has access to personal information about users of the service.
• When an email address is removed from the high severity alert mailing list confirmation of removal will be sent to the email address that has been removed.
• To make it easier to check remediation advice a more prominent link to the cyber alert article is included in the blue banner for each high severity alert.
• To assist with system administration users in the service manager role can add other users into this role and remove them from it.
• Some minor design changes have been made to the manage access to organisations screen to improve user experience.

• To help administrators at responding organisations keep everyone informed about new high severity alerts, they can now add as many email addresses as they need to directly onto the high severity mailing list. Anyone added to this list won't receive the various reminder emails or be able to sign-in to the service to respond.
• When an email address is added to receive the high severity alert the new recipient will receive a confirmation email.
• Administrators will now see an on-screen notification offering guidance on how to add email addresses to receive high severity alert emails.
• Service manager users are now able to remove the final administrator from an organisation.

• To help responding organisations provide regular updates, when an update becomes overdue, users will now receive an automated reminder email. This will backdate to all historic alerts, so if an organisation has overdue updates for any alerts, users will receive this email for each of those overdue updates.
• To help users resolve some intermittent issues we have updated an error message to offer clearer guidance on what to do if it occurs.
• To help ensure that only active organisations can respond to alerts, it will now only be possible to respond to cyber alerts that are issued after an organisation is registered on the service.
• To help auditor users keep track of responses for their regions a reminder email will send 13 days after an alert has been issued to inform them whether there are any organisations with an In progress or Not acknowledged status.
• To help auditor users analyse response data there initial acknowledgements are now more easily identifiable in report downloads.
• To help manage the system it is now possible for our service team to change the regional permissions an auditor has from within the UI. When an auditor's permissions are changed they will receive an email informing them of the changes.
• An issue has been fixed to prevent users at closed organisations receiving automated reminder emails.
• To help ensure the security of the system various infrastructure and security updates have been made.

• Infrastructure upgrades to improve the performance and resiliency of the service.

• When a new high severity alert article is published the high severity alert email will automatically send to all email addresses registered on the service.
• When a new organisation is added to the service, users will only be able to respond to alerts that are at most 14 days old. Any alerts prior to this will be hidden from users as a response is not required.
• Auditor users will no longer see organisations in reports for alerts that were issued more than 14-days prior to the organisation being added to the service.
• Usability and accessibility enhancements have been made to auditor reports.

• All users can now add additional email addresses for receiving high severity alerts and reminders by using the 'manage contact preferences' link. Additional email addresses must be NHS.net, NHS.uk, or GOV.uk.
• An email will be automatically sent to the newly added email address to confirm it has been successfully added.
• All system-generated emails will send to your additional email addresses. This includes response reminders and user management emails.

• All users can now view their contact preferences for receiving high severity alert emails and text messages.
• It is now necessary to add version number details when providing a 'Not Applicable' response and giving 'we do not use this version' as a reason.
• Auditor users will now only see National Grouping filter options that are applicable for their regional permissions.
• Pending access requests will now be automatically denied when an organisation closes.

• An on-screen reminder will now display for any users that have not yet signed-up to receive high severity alerts by text message.
• Alert issued date and time has been made more accurate. For future alerts the time will be set to be exactly as is shown on the cyber alert article.
  • Reminder emails will now send based on the time on the cyber alert article
  • If your organisation has not provided a response by the 48 hour deadline, an email reminder will be sent straight away and subsequent reminders will be sent every 24 hours until the 14-day deadline, unless a response is provided before then.
  • If your organisation has not completed remediation within 7-days of the alert being issued a one-off reminder email will be sent exactly 7 days after the alert was issued.
• Auditor users will now receive an email 7-days after an alert has been issued informing them if any organisations in their region have not completed remediation.
• Various other system enhancements to improve quality control for new development work.

• Auditor users can now filter by STP on the latest status report.
• Auditor users will now receive a system-generated reminder email after the 48 hour deadline has passed to let them know when organisations in their region have not responded.

• Responder users will now receive a system-generated reminder email 24 hours after a high severity alert has been issued if their organisation has not yet provided an initial response
• Responder users will now receive a system-generated reminder email 24 hours before the 14-day completion deadline for any high severity alert.
• "Commissioning region" text has been removed from National Grouping regions to improve readiability and usability of auditor reports and service manager functionality.
• Filters are now retained when moving between auditor reporting screens.

• Alert issued date and time has been made more accurate. For future alerts the time will be set to when the alert was initially issued rather than setting to 23:59 on the day of the alert being issued (as happened previously).
  • Reminder emails will now send based on the exact time that deadlines are reached.
  • If your organisation has not provided a response by the 48 hour deadline, an email reminder will be sent straight away and subsequent reminders will be sent every 24 hours until the 14-day deadline, unless a response is provided before then.
  • If your organisation has not completed remediation within 7-days of the alert being issued a one-off reminder email will be sent exactly 7 days after the alert was issued.
• Administrator and service manager users now have a search capability for the 'manage access to organisation' screen to make it easier to find relevant users or organisation information.
• Auditor users can now filter the latest status report by National Grouping
• Filters now retain when moving between organisation level information and the latest status report
• Additional login status information is available for service manager users to help with any access queries

• Auditor users can now filter the latest status report by current response status
• Auditor users can now filter the latest status report by organisation type
• Organisation type information is now held against organisations based on what is held in ODS
• Organisation type information is now available in all auditor CSV downloads
• Issue fixed where reminder emails were being sent based on attachments to closed organisations
• Issue fixed that was causing problems with using the back button in Internet Explorer 11
• General security enhancements made to the application.

• The high severity alert will now be automatically sent by SMS using Gov.UK Notify. Find out how to opt-in to receive high severity alerts by SMS
• A system-generated email will be sent to users still registered at an organisation if it closes, informing them that they will no longer be able to respond on behalf of that organisation
• A system-generated email will be sent to all users registered with organisations that do not respond to high severity alerts within 48-hours of the alert being issued. This email will be sent every 24 hours after this until a response is given
• A system-generated email will be sent to all users registered with organisations that have not completed remediation 7-days after an alert was issued.

• Ability to add your mobile number and opt-in to receive high severity alerts by SMS
• Auto-closure of organisations based on legal end dates held in the ODS portal
• Automated reminder emails will be sent when your organisation needs to provide additional updates when responding to a high severity alert.
• Redesign of the manage organisation access screen to improve accessibility and user experience.

• Auto-updating of organisation names, STP and National Grouping information utilising the ODS API
• Ability for service manager users to add new organisations onto the service
• Latest response status totals included in the auditor report user interface
• Some backend security and framework enhancements.

• System-generated emails for approved responder access requests, and user removal confirmations
• System-generated emails for new auditor users, and removed auditor user confirmations
• A 'latest status' flag added to both auditor reports to make analysis easier
• Enhancements to make the service more resilient
• Security enhancements

• System-generated email for new responder users when initially added to the service
• System-generated email for administrators when a user requests access for an organisation
• More detailed 'not authorised' messages to inform users when they need to enable multi-factor authentication on their NHSMail account
• Ability to remove auditor users from the service
• Ability to handle upgraded alerts so that 'date sent' information reflects the date the alert was issued and not the original published date of the cyber alert article.

• Ability to add auditor users with regional permissions
• Ability for service manager users to add and remove responder users for every organisation
• Ability for service manager users to approve and deny access requests for any organisation
• Ability for service manager users to view all auditor users and their regional permissions